Item: Splunk Enterprise Security (ES)
Rating: 10
Author: Daniel Knights

Use Cases and Deployment Scope

Splunk Enterprise Security is an awesome tool to start a security team. alerts and places for them to investigate security incidents. we use it at our client sites to start them on their journey to a CSOC. this product allows the team to work together to solve issues on the network. we use it to monitor all aspects of the network

Pros and Cons

alerts
dashboards
network overview
security overview

better alert suppression
have a way to alert all users to an event

Return on Investment

MTTR is much better
MTTD is now a thing before we had nothing

Scalability

Splunk is able to be scaled infinitely with both on-prem or cloud or both. so far it can do whatever we throw at it

Key Insights

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Other Software Used

Tenable.io

Likelihood to Recommend

we have used this to alert us when our network is under attack. or a user is doing something they should not be doing. Splunk Enterprise Security is well suited for Security Intelligence collection and investigation. our CSOC team uses it each day to track down problem users and security incidents. our clients love the overview dashboards it gives

stop your breeches

Overall Satisfaction with Splunk Enterprise Security (ES)